
Re: Rejecting connections to 127.0.0.1 from eth0




If the dest IP is 127.0.0.1, the "portscan" is local, not incoming
from eth0.

What do the logs look like?

cu
deadchild

Turbo Fredriksson wrote:
> I get a lot of port scans to 127.0.0.1 and they MUST be coming
> from eth0!
> 
> I thought that rules like this should suffice, but it doesn't
> seem like they do:
> 
> ----- s n i p -----
> # Setting up connections to 127.0.0.1 via external interface
> /sbin/iptables -A INPUT -i eth0 -d 127.0.0.1 -j REJECT --reject-with tcp-reset --protocol tcp
> /sbin/iptables -A INPUT -i eth0 -d 127.0.0.1 -j DROP --protocol udp
> ----- s n i p -----
> 
> 



